Re: Linux, BSD, and Unix are fundamentally insecure.
From: GreyCloud (mist_at_cumulus.com)
Date: 09/11/04
- Next message: james
hal-pc.org: "Re: How to set up system to load kernel load file at boot up" - Previous message: sam: "envsubst.1.gz: Could not stat...."
- In reply to: Mike Cox: "Re: Linux, BSD, and Unix are fundamentally insecure."
- Next in thread: Freeride: "Re: Linux, BSD, and Unix are fundamentally insecure."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 10 Sep 2004 20:28:43 -0600
Mike Cox wrote:
> cmad <cmad_x@NOyahoo.comSPAM> wrote in message news:<chrdtu$6ck$1@usenet.otenet.gr>...
>
>>Mike Cox wrote:
>>
>>
>>>When this consultant showed up, my MCSEs were ready to show how much
>>>more powerful and bulletproof Windows is compared to Linux/BSD/UNIX.
>>
>>$$$$$
>>
>>
>>>When the consultant was done with the demo, my MCSE, Scott, went up to
>>>the Linux box, and did the following:
>>
>>And he had to first get past the initial password check to do that,
>>right? But in front of him he had a box, where he had root access. Of
>>course he could do the below, and many many others.
>>
>>
>>>linux init=/bin/sh
>>>mount -o remount -rw /
>>>mount /proc
>>>passwd
>>>mount -o remount -ro /
>>>umount /proc
>>
>>Is it just me or did he do a "skills showoff"? 5/6 of the above commands
>> needn't have been typed.
>>
>>
>>>When Scott rebooted the machine, he typed in the new root password and
>>>was in. The consultants jaw dropped, my boss laughed, and will now
>>>trust my MCSE's judgement in all things related to IT in the company.
>>
>>If you want to run Windows, run Windows; no one is stopping you.... But
>>believing that *nix is insecure because someone with root access to it
>>changed the password is quite funny.
>
>
> That's not what he did. You don't understand *nix if you don't know
> that everyone of those commands is needed. The box was not logged in
> to, it had the login prompt there. Scott rebooted (ctrl alt del) the
> machine and passed a command to GRUB that booted linux into the BASH
> shell. He then mounted the /proc file system and then the /
> filesystem. He then changed the password.
>
> Every *nix machine is vulnerable to this sort of local security flaw.
> If you password protect the BIOS to prevent this, someone can just
> take out the battery out of the PC and then the BIOS password is
> reset. Someone can just take the Linux disk out, boot their own system
> and mount your disk no problem.
>
> Windows doesn't have this flaw. It requires the Administrator
> password before it will let you into safe mode or use the Windows 2000
> recovery CD. If you use the NTFS filesystem, you can select to
> encrypt the hard drive filesystem. That prevents someone from taking
> the disk out and trying to mount it using another OS. If you have
> encryption enabled, and mount a Windows disk on Linux, you wont be
> able to get in. I've tried it. Heck, once i've forgotten my Windows
> 2000 Admin password and was locked out forever. But not with Linux.
> Forget you root password, and you can get a new one in about 1 minute.
> Not very secure. Not ready for the enterprise.
>
> And a BIOS password is not a fix. Someone can just take the battery
> out of the PC and it is reset.
Yeah, sure... then how come it isn't virus safe then?
-- --------------------------------- The Golden Years Sux.
- Next message: james
hal-pc.org: "Re: How to set up system to load kernel load file at boot up" - Previous message: sam: "envsubst.1.gz: Could not stat...."
- In reply to: Mike Cox: "Re: Linux, BSD, and Unix are fundamentally insecure."
- Next in thread: Freeride: "Re: Linux, BSD, and Unix are fundamentally insecure."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
